Mobile

New Apple iOS 7 Security Flaw Discovered

Another new Apple iOS security vulnerability has been discovered this week that will leave mobile users less than impressed with Apple’s recent work to make the OS more secure. The vulnerability, discovered by top security researches FireEye, is exploitable in multiple Apple iOS 7 versions including 7.0.4, 5 and 6.1x. More worringly, version 7.0.6 that has only recently been released has also failed to pick up and mitigate this Applie iOS7 security flaw.

Even without a modified or jailbroken device, malicious apps are capable of capturing and transmitting key strokes or touches run on Apple iOS 7 operating systems, according to FireEye. An app, created by the research giants, has provided evidence that attackers are able to covertly monitor end user devices and that there is currently no patch available to prevent this. With Apple only recently releasing Apple iOS 7 version 7.0.6 – an update required to fix the critical vulnerability located in Secure Sockets Layer (SSL) discovered in January, it is evident that this vulnerability was not even on Apple’s radar.

This new Apple iOS 7 security flaw allows hackers to spy on users that have installed the malicious app. The worst part is the flaw enables hackers to bypass Apple’s app review process and put it straight onto the market place. The app can be published to be downloaded by users willingly, or users could be tricked to download the app from phishing or drive by download means. However the payload is executed on the users mobile device, the result is the same – every action undertaken by the user will be tracked and monitored. This includes touches on the screen to confirm pin numbers, any data entered into mobile banking apps and credentials for every kind of social media app present on the phone. This data will then be beaconed out to a remote server where hackers are able to reconstruct data and build up profiles.

This type of vulnerability is particularly alarming in the early days before Apple release a patch, and users are strongly encouraged to be aware of the types of apps they are downloading. Even genuine apps could be malicious if this exploit is able to latch onto a legitimate app in the app store. In the mean time, Apple iOS 7 users should utilise the iOS task manager to ensure that only the apps they are aware of are running in the background. It will be obvious to any Apple user if there is a beaconing out and if this is spotted then users should be concerned.

Tip: To utilise the task manager on an iOS device, tap the home button twice. This will give you preview screens of apps currently open. You can then swipe through and disable any apps running that you are unaware of.